Battle.net Authenticator By-Pass Now Active

A Battle.net Authenticator can represent an excellent way to add an additional layer of security to your Battle.net account. We appreciate that our players make use of their authenticators, and to help make them more convenient, we’ve introduced the authenticator by-pass. Those of you that have World of Warcraft accounts may already be familiar with how it works: when you log into a Blizzard game from the same location, you won’t always be prompted for an authentication code until you attempt to log in from a different location.

The authenticator bypass is active for StarCraft II, and is enabled by default. Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.

I too have to enter my code again after a few days of it being by-passed, and I most definitely did not log in from a different computer. I want to see if this is a known bug/issue/supposed to happen, or if it is from someone else trying to gain access to my account

It (generally) has nothing to do with someone logging into your account. They take note of your IP address (given to you by your service provider) and as long as it looks like you are still playing from home/work, it will not bother you again. However, most internet service providers (ISP) will only give you the address for a limited time (between a week, 2 weeks, few days, or just a modem reset). When this address changes, Blizzard gets a red flag on your account saying: "This guy seems to be logging in from a new location" and asks you to prove you are the owner of the game/validator.

If you want to see this in action:
1. Log into the game
2. Google "ipchicken" (or something similar) and take note of your IP address
3. Next time it requests your validator, check and see; there's a very good chance your IP is different from last time you checked.

I hope this helps alleviate the concern some of you are having. There's a very good chance you are not having hacking attempts on your account each week, and the validator only makes you safer :)

I try not to post when I have little to add, but I'm making an exception here:

Very big thank you for allowing my authenticator to work as it did when I purchased it, I was more than a bit upset when it was disabled without my choice. The fact you originally changed it without warning at all, and didn't allow an opt-out for many months was fairly terrible planning and customer service. But at least it's set up correctly now, again thanks.

I get asked for my code every 7 days or the next time I log in after that.

One thing that can cause behavior like this is if your internet service provider (ISP) changed the IP address you use with them. Some ISPs will keep you on the same IP address for a long time, other ISPs may shuffle you around now and then.

If your ISP gives you a new IP address, the Blizzard login sees this as a new location, and may ask for the authenticator.

It (generally) has nothing to do with someone logging into your account. They take note of your IP address (given to you by your service provider) and as long as it looks like you are still playing from home/work, it will not bother you again. However, most internet service providers (ISP) will only give you the address for a limited time (between a week, 2 weeks, few days, or just a modem reset). When this address changes, Blizzard gets a red flag on your account saying: "This guy seems to be logging in from a new location" and asks you to prove you are the owner of the game/validator.

If you want to see this in action:
1. Log into the game
2. Google "ipchicken" (or something similar) and take note of your IP address
3. Next time it requests your validator, check and see; there's a very good chance your IP is different from last time you checked.

I hope this helps alleviate the concern some of you are having. There's a very good chance you are not having hacking attempts on your account each week, and the validator only makes you safer :)

While logging in from a different IP will trigger the request for the authenticator code, it is not the only trigger. There is still a periodic (I believe every 7 days or so) trigger. How do I know this? My system at home (the only place I play WoW from) has a static IP address; yet I still see the periodic request for the authenticator.

There are clearly other factors to reset it, but I was just allaying the concerns with a basic explanation of what's happening behind the scenes. I'm using a static address as well and have been for many years.

This is nothing to do with the inner workings of their validation system, I just felt it would be nice to have these people less concerned that they are being hacked every couple hours - which is very much not the case.

You are not contributing anything here by nit picking at what wasn't intended to be a comprehensive explanation.

Once again, getting and using the validator is the best thing you can do for your account security. They are free if you get one for your smart phone (brands supported are listed on Blizzard's website) and have been used (SecureID) for years to keep safe much more important things than your video game accounts, such as government defense documents and various sensitive networks. Enjoy the core-hound pet as well, pointing out to the would-be hackers of your server that your account is considerably harder to access than one without :)

I'm glad to see this trend being continued; hopefully there isn't nearly as much drama this time around as last! The authenticator is a very useful tool, but it can be a bit tedious to have to put it back in each time you log into a game, especially after a patch when you're constantly changing configuration options and may need to continually relog from the game.

It would definitely be more difficult to implement, but it would be interesting to see this implemented on the website as well. We don't transfer the same sort of data when logging into the website, although there may be some way to work around that. Wishful thinking? :)

**EDIT** And for those of you that care to see the previous discussion on this change:

Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.

That should remove any and all objections to this change. In the end this is an excellent feature!
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech

but it would be interesting to see this implemented on the website as well. We don't transfer the same sort of data when logging into the website, although there may be some way to work around that. Wishful thinking? :)

I have been wondering this also. This is a website feature I would love.

This was a great thing to add. Effectively you're 'Greylisting' logins so that you have a good balance between security and ease of use. Initially, I found having to enter the code every time a hassle, but entering it periodically from different IPs is perfectly suitable, as a successful login from one IP is likely to be a valid user and there's no need to recheck upon subsequent logins for at least a few days.

Almost everyone I know w/o an authenticator has been hacked, and they've been totally fine since adding one to their account. This adds a whole lot of headache when you have people with guild access rights that can lead to GB thefts as well as personal accounts, and at this point we do not give much authorization at all to players w/o an authenticator due to a few mishaps in the past.

I've had one since I joined WoW, primarily b/c it was soon after I got my first iPhone and immediately noticed that the authenticator app was available for free. Between the different mobile platforms this has done a LOT of good for making account authentication very accessible, reducing both user woes and Blizz support resources. Extending the bypass to SC2 (and eventually, presumably D3) is really a given.

I agree with other posters' comments about battle.net logins themselves - would it be possible to allow bypass but to still require entering in the auth codes when viewing any page that involves account management changes?

Thank you very much for implementing this. For us overly-paranoid folks, a little extra peace of mind is always nice.
________________________________________________
Customer Support Forum MVP
HDL - http://hdl-the-guild.com/~nodrama/
E-mail - neppyman.no@spam.gmail.com
"Wiggle, wiggle, wiggle, wiggle, wiggle."
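The "greylisting" behaviour discussed in this thread (prompt on a new IP, re-prompt periodically, always prompt after opt-out or for account-management actions) can be sketched as a server-side decision function. This is an added example, not Blizzard's code: the 7-day window is only what posters report observing, and `Account`, `needs_code`, `record_code_ok` and `replay` are hypothetical names.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumption: 7 days is what posters in this thread report seeing; the real
# service's window and signals are not documented on this page.
TRUST_WINDOW = timedelta(days=7)

@dataclass
class Account:
    bypass_opt_out: bool = False                 # opt-out from the announcement
    trusted: dict = field(default_factory=dict)  # ip -> time of last verified code

def needs_code(acct, ip, now, sensitive=False):
    """Return True when this login must be challenged for an authenticator code."""
    if acct.bypass_opt_out or sensitive:
        return True          # opted out, or an account-management action
    verified_at = acct.trusted.get(ip)
    if verified_at is None:
        return True          # no verified login from this address: "new location"
    return now - verified_at >= TRUST_WINDOW     # periodic re-prompt, even on a static IP

def record_code_ok(acct, ip, now):
    """Call only after the submitted code has been verified server-side."""
    acct.trusted[ip] = now
    # Prune stale entries so old addresses do not stay trusted indefinitely.
    for addr in [a for a, t in acct.trusted.items() if now - t >= TRUST_WINDOW]:
        del acct.trusted[addr]

def replay(events):
    """Run constructed (day, ip, sensitive) events; return the prompt decisions."""
    acct, start, out = Account(), datetime(2000, 1, 1), []
    for day, ip, sensitive in events:
        now = start + timedelta(days=day)
        prompt = needs_code(acct, ip, now, sensitive)
        if prompt:
            record_code_ok(acct, ip, now)        # assume a valid code was entered
        out.append(prompt)
    return out

# Constructed sample: home IP, ISP reassigns the address on day 3, then it stays
# fixed; the last event is an account-management action.
SAMPLE = [(0, "203.0.113.10", False), (1, "203.0.113.10", False),
          (3, "203.0.113.77", False), (5, "203.0.113.77", False),
          (10, "203.0.113.77", False), (11, "203.0.113.77", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying trust on the IP address alone is what produces the prompts after an ISP address change described earlier in the thread.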

Those of you that have World of Warcraft accounts may already be familiar with how it works: when you log into a Blizzard game from the same location, you won’t always be prompted for an authentication code until you attempt to log in from a different location.

Every time I log in from a different location, I get a message saying my account has been compromised and I need to reset my password etc...

It would be NICE if what the OP said was the case, but it's not, so this Authenticator option is useless to me. If I log in from a different location then it's about a 20-minute story trying to get access to my account again. Absurd.

Those of you who wish to disable this feature can do so by opting out of the bypass on your Battle.net account management page. If you opt out of the by-pass, you will be prompted by Battle.net for an authentication code each time you log in.

This is appalling security practice. 'Hey guys, you know how for the last few years we've been telling you all that the Authenticator will prompt you each time you login, well without asking you we've lowered the security on your account'. Not even a Fair Notice email about it. Well, maybe they are mailing us but personally I'd rather have heard about this a week or so before implementation, not after the fact.

I've not been playing the game recently. Haven't put the latest patch on yet. No idea if it's mentioned in the patch notes that the security of my account has been lowered without my consent and without proper disclosure to me as the account holder.

I would have been completely unaware of the lowering of my security if I hadn't thought about sticking my head in to CSF to see how the new patch was shaking out, merely from a geeky interest point of view.

I appreciate Daxxarri's post, moreso because I had NO knowledge of the change in security, as well as Kodiac's pointer to (practically) some other random thread.

I just boggle at the lack of notification beyond some forum posts that if I'd not seen, I would've been in the dark. On class changes, game changes etc., I can deal with that. Lack of notification on lowering of default security settings is inexcusable. Seems the only reason Blizz wanted to contact me recently is to flog me an annual pass. This tells me that $ > safety. Far less inclined to resub now than ever before.

/rant